Patents Examined by Shanto Abedin
  • Patent number: 12149639
    Abstract: The present disclosure relates to systems, methods, and computer-readable media for enhancing security of communications between instances of clients and servers while enabling rotation of server certificates (e.g., X.509 certificates). The systems described herein involve updating a client list of server certificates (e.g., a certificate thumbprint) without reconfiguring or re-installing a client and/or server application, starting a new session (e.g., a hypertext transfer protocol secure (HTTPS) session), or deploying new code. The systems described herein may passively or actively update a client list of certificates to enable a client to securely verify an identity of a server instance in a non-invasive way that boosts security from man-in-the-middle types of attacks.
    Type: Grant
    Filed: March 3, 2023
    Date of Patent: November 19, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jeromy Scott Statia, Chunsheng Yang, Priyanka Vilas Deo, Elizabeth Anne Phippen, Bradley Scott Turner
  • Patent number: 12141254
    Abstract: Systems and methods for authenticating a user in an authentication system using a computing device configured to capture authentication biometric identity information. The authentication biometric identity information is captured during an authentication session. The authentication biometric identity information may comprise or be derived from one or more images of the user being authenticated. The authentication biometric identity information is compared to root identity biometric information. The root identity biometric information is captured from a trusted source, such as trusted devices located at trusted locations, such as a government entity, financial institution, or business. Identity verification may occur by comparing the trusted root identity biometric information to the biometric identity information captured during an authentication session. Liveness determination may also occur to verify the user is a live person.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: November 12, 2024
    Assignee: FaceTec, Inc.
    Inventor: Kevin Alan Tussy
  • Patent number: 12143490
    Abstract: A decoding apparatus having a non-transient memory in which is stored an electromagnetic signal representative of data which were encrypted relying on the difficulty of computing discrete logarithms. The decoding apparatus has a computer in communication with the memory that decodes the encrypted data in the memory by computing the data's discrete logarithm. The decoding apparatus has a display on which the decoded encrypted data are displayed by the computer. A method for decoding.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: November 12, 2024
    Assignee: Chorus Call, Inc.
    Inventor: Giorgio Coraluppi
  • Patent number: 12137174
    Abstract: A computer-readable recording medium storing a program to be executed by a first apparatus in a system of issuing attribute certificate information of each user, the program including instructions for causing a processor of the first apparatus to execute processing including: obtaining, from a second apparatus in the system, a value unique to an identifier that uniquely identifies a user, the second apparatus being a device capable of verifying authenticity of an electronic document to be signed; creating certificate information that includes attribute information identified from the attribute certificate information, certification information that certifies the attribute information, and the obtained value; generating an electronic signature for the electronic document and the certificate information using a private key that corresponds to the identifier; and outputting the electronic document and the certificate information to which the generated electronic signature is attached in association with the iden
    Type: Grant
    Filed: May 5, 2022
    Date of Patent: November 5, 2024
    Assignee: FUJITSU LIMITED
    Inventors: Toshihiro Shimizu, Dai Suzuki
  • Patent number: 12137169
    Abstract: In one example an apparatus comprises a computer readable memory, an XMSS verification manager logic to manage XMSS verification functions, a one-time signature and public key generator logic, a chain function logic to implement chain function algorithms, a low latency SHA3 hardware engine, and a register bank communicatively coupled to the XMSS verification manager logic. Other examples may be described.
    Type: Grant
    Filed: June 30, 2022
    Date of Patent: November 5, 2024
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Vikram Suresh, Sanu Mathew, Manoj Sastry, Andrew H. Reinders, Raghavan Kumar, Rafael Misoczki
  • Patent number: 12137099
    Abstract: A generic wireless device management system and a method for operating the management system in a controlled environment is disclosed. The enterprise management system includes a generic wireless device and a generic provisioning server. The generic wireless device, which is initially in a generic blank state, coordinates with the generic provisioning server to authenticate an inmate and to load an inmate profile. After loading the inmate profile, the generic wireless device provides access to content specific to the inmate. After the inmate signs out of the generic wireless device, the generic wireless device is returned to a generic blank state.
    Type: Grant
    Filed: May 5, 2023
    Date of Patent: November 5, 2024
    Assignee: Global Tel*Link Corporation
    Inventor: Stephen L. Hodge
  • Patent number: 12130900
    Abstract: Systems and methods for authenticating a user in an authentication system using a computing device configured to capture authentication biometric identity information. The authentication biometric identity information is captured during an authentication session. The authentication biometric identity information may comprise or be derived from one or more images of the user being authenticated. The authentication biometric identity information is compared to root identity biometric information. The root identity biometric information is captured from a trusted source, such as trusted devices located at trusted locations, such as a government entity, financial institution, or business. Identity verification may occur by comparing the trusted root identity biometric information to the biometric identity information captured during an authentication session. Liveness determination may also occur to verify the user is a live person.
    Type: Grant
    Filed: May 2, 2023
    Date of Patent: October 29, 2024
    Assignee: FaceTec, Inc.
    Inventor: Kevin Alan Tussy
  • Patent number: 12130924
    Abstract: Methods and apparatus for seamless SMM (System Management Mode) global driver update based on SMM Root-of-Trust. Mechanisms are provided to load and replace SMM drivers at runtime in a secure manner, without requiring an SMM firmware update and platform reset. SMM code is executed by BIOS during boot in a hidden area of memory called SMRAM space. Seamless update using an SMM Global Driver Update provides a method to load and replace all SMM drivers (including SMM infrastructure) on an already shipped platform production for purposes such as bug fixes. The principles and teachings may also be applied to update other types of secure execution mode code in addition to SMM code.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: October 29, 2024
    Assignee: Intel Corporation
    Inventors: Sarathy Jayakumar, Jiewen Yao, Murugasamy K Nachimuthu, Ruixia Li, Siyuan Fu
  • Patent number: 12126657
    Abstract: Techniques are provided for securely routing network traffic data. A kernel routine in a computing device obtains content metadata from the network traffic data associated with an application. The kernel routine can evaluate the content metadata and determine whether security and privacy policies should be applied to the network traffic data associated with the content metadata. The kernel routine can automatically create or identify tags for the content metadata based on intent and context information that is determined by the kernel routine. The tags can be associated with particular security and privacy policies, such as anonymization and encryption.
    Type: Grant
    Filed: October 26, 2021
    Date of Patent: October 22, 2024
    Assignee: Apple Inc.
    Inventors: Thomas F. Pauly, Nishchaie Khanna, Ahmed M. Bashir
  • Patent number: 12120519
    Abstract: For increased security, a source is determined for software to be installed on a computing device. In one approach, a side-load server receives, from a mobile device, data regarding an application to be installed on the mobile device. The server determines a source of the application, then sends, to an authenticity server, data regarding the source. The server receives, from the authenticity server, a first state designation for the application. In response to receiving the first state designation, the server sets a second state designation, and sends the second state designation to the mobile device (e.g., to permit or block installation of the application).
    Type: Grant
    Filed: February 17, 2022
    Date of Patent: October 15, 2024
    Assignee: Lookout, Inc.
    Inventors: David Richardson, Ahmed Mohamed Farrakha, William Neil Robinson, Brian James Buck
  • Patent number: 12111774
    Abstract: A computing system uses AES-XTS encryption to encrypt data of a first part of first data stream using a tweak key, a data key, an initial tweak value, in a first encryption session, store the encrypted first part, then encrypts a second part of the first data stream in a second encryption session commenced after the termination of the first encryption session; and store the encrypted second part in the encrypted data store. The second part of the first data stream is encrypted using a modified tweak value computed based on the initial tweak value, the tweak key, and a block index of a last cipher block of the first part of the first data stream.
    Type: Grant
    Filed: May 25, 2022
    Date of Patent: October 8, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yevgeny Yankilevich, Vadim Makhervaks, Robert Groza, Jr., Yi Yuan, Oren Ish-Am
  • Patent number: 12105641
    Abstract: According to one embodiment, an electronic device includes a non-volatile memory; a controller that is electrically connected to the non-volatile memory and configured for accessibility to a memory space including a plurality of management areas in a host; at least one counter that is provided for each of the plurality of management areas and configured to increment a count value each time data is stored in the corresponding one of the plurality of management areas; and a circuit configured to generate a first value relating to integrity of the data for each management area based on the count value and the data. The controller is configured to store the data and the first value associated with the data.
    Type: Grant
    Filed: August 31, 2021
    Date of Patent: October 1, 2024
    Assignee: KIOXIA CORPORATION
    Inventors: Masahiko Motoyama, Hisaya Miyamoto
  • Patent number: 12088563
    Abstract: A computing system includes a processor, a network interface controller configured to communicate via a black network, a gray network and a red network; a virtual desktop infrastructure application including computer-executable instructions configured to: perform systematic monitoring; remediate a network vulnerability finding; and notify a user; and a service management application. A computer-implemented method includes configuring a network interface controller to communicate via a black network, a gray network and a red network; accessing a service management application; performing systematic monitoring; remediating a network vulnerability finding; and notifying a user.
    Type: Grant
    Filed: May 23, 2023
    Date of Patent: September 10, 2024
    Assignee: CDW LLC
    Inventors: Marty Spain, Peter Joseph Dunn
  • Patent number: 12081818
    Abstract: Methods and apparatus for providing protected content to subscribers of a managed (e.g., MSO) network via a content source accessible via an internetwork such as the Internet. In one embodiment, a user accesses a programmer website, and requests content. The programmer determines whether the requesting user is permitted to access the content, and what rights or restrictions are associated with the user. This includes authenticating the user as a subscriber of the MSO, and determining the subscriber's subscription level. In another embodiment, a user's account with the MSO and programmer may be federated, thus a given user will have MSO-specific information regarding its identity (such as login information, GUID, etc.) and/or information regarding subscription level and service details, stored at the programmer. Messages received from the MSO representing permission for the user to access content may also be stored at the programmer site for later reference.
    Type: Grant
    Filed: May 23, 2022
    Date of Patent: September 3, 2024
    Assignee: TIME WARNER CABLE ENTERPRISES LLC
    Inventors: Gary Cronk, Jonathan Putsch, James Boutilier, Paul L. Miller, Michael Dillon
  • Patent number: 12068882
    Abstract: Systems and methods for efficiently and securely forming a communication network. As a non-limiting example, various aspects of the present disclosure provide systems and methods, for example utilizing a plurality of different security modes, for forming a premises-based network (e.g., a MoCA network).
    Type: Grant
    Filed: March 28, 2023
    Date of Patent: August 20, 2024
    Assignee: Entropic Communications, LLC
    Inventors: Yoav Hebron, Na Chen, Ronald Lee
  • Patent number: 12039070
    Abstract: Certain embodiments of the present disclosure relate to systems and methods that control access to system resources, such as interfaces, access rights to events, query systems, and other suitable system resources. Further, certain embodiments of the present disclosure relate to a collision detection technique that is implemented to control which and/or a number of queue positions within a queue that are processed. In some implementations, a collision may be detected when two or more users request the same access right within a defined time period.
    Type: Grant
    Filed: April 17, 2023
    Date of Patent: July 16, 2024
    Assignee: Live Nation Entertainment, Inc.
    Inventors: Mark Roden, Dan Cernoch, Victoria Chung
  • Patent number: 12032492
    Abstract: In a method of operating a storage device including a plurality of storage regions, a first request is received. The first request is for a cryptographic erasure with respect to a first storage region. During a first time interval, a first encryption key corresponding to the first storage region is changed based on the first request. A second request is received. In response to receiving the second request within the first time interval, a region access signal is outputted. In response to determining, based on the region access signal, that the second request is associated with the first storage region, an execution of the second request is held. In response to determining, based on the region access signal, that the second request is associated with a second storage region among the plurality of storage regions, the second request is executed.
    Type: Grant
    Filed: July 29, 2022
    Date of Patent: July 9, 2024
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Seokgi Hong, Mingon Shin, Seungjae Lee
  • Patent number: 12028335
    Abstract: The present invention describes the user authentication system comprising of multiple levels of security which is used to authorize the user. The system uses more than one levels of authentication process which receives the credentials from the user and authorizes them to allow access to the IoT devices which are used by the user. The connected devices represent individual targets for the cyber-criminals who would hack the devices to retrieve the secure information of the users. Such insecurities about the IoT devices and the system are eliminated by using the multiple level user authentication system which is described in the present invention.
    Type: Grant
    Filed: September 3, 2021
    Date of Patent: July 2, 2024
    Inventor: Baldev Krishan
  • Patent number: 12013927
    Abstract: Various systems, methods, and computer program products are provided for generating and monitoring dynamic identifiers for data processing security. The method includes generating a dynamic identifier for a user request. The dynamic identifier changes based on a receiving node of the dynamic identifier. The method also includes updating the dynamic identifier in an instance in which the user request is transmitted from a first node to a second node. The method further includes generating a dynamic identifier change log. The dynamic identifier change log includes at least one historical dynamic identifier from a previous receiving node. The method still further includes determining whether the dynamic identifier change log matches an expected dynamic identifier change log. The method also includes causing a transmission of a dynamic identifier verification upon determining that the dynamic identifier change log matches the expected dynamic identifier change log.
    Type: Grant
    Filed: March 23, 2022
    Date of Patent: June 18, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Govinda Rajulu Nelluri, Srinivasa Rao Dakshinyam, Meenakshi MeenakshiSundaram, Nithya C
  • Patent number: 12015918
    Abstract: A mobile network based authentication system for authenticating a user's access to a restricted-access account includes an application server and an identification server. The application server is configured to authenticate the user's access to the restricted-access account by transmitting a one-time password to a mobile computing device of the user and confirming that the one-time password has been entered by the user. The identification server communicates with the application server after the application server receives a request from the user to access the restricted-access account and before the application transmits the one-time password to the mobile device, to verify that an attribute of the restricted-access account is linked to a network identification of the mobile computing device.
    Type: Grant
    Filed: August 26, 2021
    Date of Patent: June 18, 2024
    Assignee: Zumigo, Inc.
    Inventors: Harish Manepalli, Chirag C. Bakshi